Using Metrics to Manage Your Application Security Program

by Jim Bird

In this paper, well look at the first steps in measuring your AppSec program, starting with how to use metrics to understand what is working and where you need to improve, to identify and solve problems, and to build a case for making further investments in your program. Ultimately, the goal is to make AppSec part of the organizations culture, and ensure its relevant to business units and meaningful to executives.